Key Information Vulnerability Description CVE ID: CVE-2024-8418 Vulnerability Name: containers/aardvark-dns: TCP Query Handling Flaw in Aardvark-dns Leading to Denial of Service Report Date: 2024-09-04 10:57 UTC Reporter: OSIDB Bzimport Modified Date: 2024-09-04 13:45 UTC Status: NEW Priority: medium Severity: medium Affected Versions: 1.12.0 and 1.12.1 Description: A vulnerability exists in Aardvark-dns versions 1.12.0 and 1.12.1, where serial processing of TCP DNS queries leads to a denial of service. Malicious clients can keep TCP connections open, causing other DNS queries to time out, thereby resulting in denial of service for all containers using aardvark-dns. Technical Details Component: vulnerability Product: Security Response Keywords: Security Dependencies: CVE-2024-8418 Whiteboard: Not specified URL: Not specified Whiteboard: Not specified Dependencies: 2309686 and 2309687 Blocks: Not specified Additional Information Reporter: Product Security DevOps Team Contact: Not specified Status: Not specified Environment: Not specified Last Closed Date: Not specified Confidentiality: Not specified Summary This vulnerability is a denial of service issue in Aardvark-dns caused by serial processing of TCP DNS queries. The affected versions are 1.12.0 and 1.12.1. The vulnerability was reported on 2024-09-04 10:57 UTC by OSIDB Bzimport. The priority and severity are both rated as medium.